package com.dt.dubai.core.comm;

import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;

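/**
 * Helpers that escape or strip characters from user-supplied strings before
 * they are placed into SQL text or HTML.
 *
 * <p>Security note: {@link #clearSqlCode(Object)} is a character blacklist,
 * not an injection defence. Doubling {@code '} is only meaningful when the
 * value is embedded inside a single-quoted SQL string literal, and stripping
 * {@code "} and {@code --} silently alters user data. Queries that embed
 * untrusted values should bind them as {@code PreparedStatement} parameters;
 * this class is at most a defence-in-depth layer on top of that.
 */
public class SqlUtils {

    /**
     * Escapes a string for use inside a single-quoted SQL literal.
     *
     * <p>Single quotes are doubled ({@code '} becomes {@code ''}); double
     * quotes and the {@code --} comment sequence are removed. Non-string
     * arguments, {@code null} and the empty string are returned unchanged
     * (the same object that was passed in).
     *
     * @param obj value to filter, typically a {@code String}
     * @return the filtered string, or {@code obj} itself when it is not a
     *         non-empty {@code String}
     */
    public static Object clearSqlCode(Object obj) {
        if (!(obj instanceof String)) {
            return obj;
        }
        String text = (String) obj;
        if (text.isEmpty()) {
            // Same result as the previous StringUtils.isNotEmpty guard: the
            // empty string is handed back untouched.
            return obj;
        }
        // String.replace does a literal replacement; replaceAll compiled a
        // regex on every call for patterns that contain no metacharacters.
        return text.replace("'", "''")
                .replace("\"", "")
                .replace("--", "");
    }

    /**
     * Replaces the HTML tag delimiters in a string: {@code <} becomes
     * {@code -&lt;} and {@code >} becomes {@code -&gt;}. Non-string arguments
     * are returned unchanged; an empty string yields an empty string.
     *
     * <p>NOTE(review): the leading {@code -} in each replacement is kept for
     * compatibility with existing callers, but it is not standard HTML
     * escaping, and {@code &} and quote characters pass through unchanged.
     * Callers that need a complete HTML escape should prefer
     * {@code StringEscapeUtils.escapeHtml4}.
     *
     * @param obj value to filter, typically a {@code String}
     * @return the filtered string, or {@code obj} itself when it is not a
     *         {@code String}
     */
    public static Object clearWebCode(Object obj) {
        if (!(obj instanceof String)) {
            return obj;
        }
        String text = (String) obj;
        return text.replace("<", "-&lt;").replace(">", "-&gt;");
    }

    /**
     * Demo entry point that prints the effect of the commons-text escapers.
     * The printed strings are kept exactly as the original author wrote them.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        String s = "<alert>(123)(*&^%$#@!)</alert>";
        s = StringEscapeUtils.escapeHtml4(s);
        System.out.println(s);

        String sql = "1' or '1'='1";
        // unescapeEcmaScript only decodes JavaScript escape sequences; despite
        // the printed label it does nothing to prevent SQL injection.
        System.out.println("防SQL注入:" + StringEscapeUtils.unescapeEcmaScript(sql));

        // JavaScript (ECMAScript) escaping and unescaping of HTML-escaped text.
        System.out.println("转义HTML :" + StringEscapeUtils.escapeEcmaScript(s));
        System.out.println("转义HTML :" + StringEscapeUtils.unescapeEcmaScript("&lt;alert&gt;(123)(*&amp;^%$#@!)&lt;\\/alert&gt"));

        // HTML escaping; the original author flagged the Chinese characters,
        // so compare how they appear in the escaped and unescaped output.
        System.out.println("转义HTML,注意汉字:" + StringEscapeUtils.escapeHtml4("<font>chen中国  xing</font>"));
        System.out.println("反转义HTML:" + StringEscapeUtils.unescapeHtml4("<font>chen中国  xing</font>"));

        // Java-style \\uXXXX escaping of non-ASCII text, and the reverse.
        System.out.println("转成Unicode编码：" + StringEscapeUtils.escapeJava("中国人"));
        System.out.println("Unicode编码转成：" + StringEscapeUtils.unescapeJava("\\u4E2D\\u56FD\\u4EBA"));

        // XML escaping and unescaping.
        System.out.println("转义XML：" + StringEscapeUtils.escapeXml11("<name>中国人</name>"));
        System.out.println("反转义XML：" + StringEscapeUtils.unescapeXml("<name>中国人</name>"));

        System.out.println(StringEscapeUtils.escapeHtml4("<div></div>"));
        System.out.println(StringEscapeUtils.unescapeHtml4("<div></div>"));
        System.out.println(StringEscapeUtils.unescapeHtml4("&lt;div&gt;&lt;/div&gt;"));
    }

}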
